1 INFO-VAX	Sat, 22 Sep 2001	Volume 2001 : Issue 528       Contents: %SYSTEM-F-EXBUFOBJLM* another display user address node question. Re: another display user address node question. Re: another display user address node question Re: CETS2001 presentations Re: emacs for the alpha/vms ' HP Commitments (was Compaq Commitments) + Re: HP Commitments (was Compaq Commitments) D Re: In times like these ... OpenVMS now more than ever for security!D Re: In times like these ... OpenVMS now more than ever for security!D Re: In times like these ... OpenVMS now more than ever for security!A Re: OT: Gartner Recommends Businesses Look At Alternatives To IIS A Re: OT: Gartner Recommends Businesses Look At Alternatives To IIS  Re: OT:: Re: World Trade Center  Re: OT:: Re: World Trade Center  Re: OT:: Re: World Trade Center  Re: Really Unhackable...???? Re: Really Unhackable...???? Re: Really Unhackable...???? Re: Really Unhackable...???? Re: Really Unhackable...???? Re: Really Unhackable...????D Re: The most hated country in the world ( was Re: Bomb The Mosques ) Re: VAX disaster tolerance Re: VAX disaster tolerance Re: World Trade Center Re: World Trade Center Re: World Trade Center  F ----------------------------------------------------------------------    Date: 22 Sep 2001 07:27:21 -0700- From: roli@barmettler.net (Roland Barmettler)  Subject: %SYSTEM-F-EXBUFOBJLM = Message-ID: <235cf5c3.0109220627.2d79b3b2@posting.google.com>    Hi Folks  5 I'm new to VMS, so perhaps this is a stupid question: 6 Whenever I connect to my Linux Workstation over DECnet5 (set host), and redirected some X11 programs onto the 1 VMS screen, I can't open any additional DECterms.  They all fail with: B %SYSTEM-F-EXBUFOBJLM, exceeded systemwide buffer object page limit (MAXBOBMEM)   F Logging off and on again doesent help, logon over the network (DECnet)< still works. The only way I found to fix it was to reboot...  ; It's a AlphaStation 250 4/266 96MB RAM running OpenVMS 7.2, 2 TCPIP V5.0-9, DWMOTIF V1.2-5 and DECNET_OSI V7.2 .   Thanks for any help.   Regards, Roland   ------------------------------  % Date: Sat, 22 Sep 2001 11:58:00 +0200 , From: "Douglas Nichols" <dnichols@xs4all.nl>3 Subject: another display user address node question * Message-ID: <9ohnat$6da$1@news1.xs4all.nl>  8 I am logging in to a vms(7.2)/alpha, using reflectionsX.  which looks something like this:< ...pcx$server.com 4\,%#%\,0\,TCPIP\,%IP% $CREATE/TERM/DETACH I connect fine. 1 >> show display ! yields: ( Note numbers made up)  a4100> show display        Device:    WSA33:  [super]     Node:      999.31.90.231     Transport: TCPIP     Server:    0     Screen:    0  G So where is this stored and how can I get that Node: (ip address into a  var?)?B I have tried listing every logical, and looked into several of the f$functions ie:   ) write sys$output f$trnlnm("sys$rem_node") 4 write sys$output f$trnlnm ("sys$rem_id") - "TELNET_"% write sys$output f$getsyi("nodename") 0 write sys$output F$GETDVI ("TT", "TT_ACCPORNAM")  E except for node name, which is the server node anme, these are empty.    thanks for your help!  dn   ------------------------------  % Date: Sat, 22 Sep 2001 13:51:13 +0200 , From: "Bart Zorn" <B.Zorn@TrueBit.nospam.nl>7 Subject: Re: another display user address node question ; Message-ID: <3bac7bf6$0$65636$e4fe514c@newszilla.xs4all.nl>   7 "Douglas Nichols" <dnichols@xs4all.nl> wrote in message $ news:9ohnat$6da$1@news1.xs4all.nl...: > I am logging in to a vms(7.2)/alpha, using reflectionsX." > which looks something like this:> > ...pcx$server.com 4\,%#%\,0\,TCPIP\,%IP% $CREATE/TERM/DETACH > I connect fine. 3 > >> show display ! yields: ( Note numbers made up)  > a4100> show display  >   >     Device:    WSA33:  [super] >     Node:      999.31.90.231 >     Transport: TCPIP >     Server:    0 >     Screen:    0 > I > So where is this stored and how can I get that Node: (ip address into a  > var?)?D > I have tried listing every logical, and looked into several of the > f$functions ie:  > + > write sys$output f$trnlnm("sys$rem_node") 6 > write sys$output f$trnlnm ("sys$rem_id") - "TELNET_"' > write sys$output f$getsyi("nodename") 2 > write sys$output F$GETDVI ("TT", "TT_ACCPORNAM") > G > except for node name, which is the server node anme, these are empty.  >  > thanks for your help!  > dn   You can use:   $ SHOW DISPLAY/SYMBOL   	 Bart Zorn    ------------------------------  % Date: Sat, 22 Sep 2001 17:38:18 +0200 2 From: martin@radiogaga.harz.de (Martin Vorlaender)7 Subject: Re: another display user address node question ; Message-ID: <3bacb06a.524144494f47414741@radiogaga.harz.de>   + Bart Zorn (B.Zorn@TrueBit.nospam.nl) wrote: 1 > "Douglas Nichols" <dnichols@xs4all.nl> wrote...  > > a4100> show display  > > " > >     Device:    WSA33:  [super]  > >     Node:      999.31.90.231 > >     Transport: TCPIP > >     Server:    0 > >     Screen:    0 > > K > > So where is this stored and how can I get that Node: (ip address into a 
 > > var?)? >  > You can use: >  > $ SHOW DISPLAY/SYMBOL   G Note that this is an undocumented, unsupported, can-go-away-at-any-time . feature. But it's the only way I know of, too.   cu,    Martin --  D                         | Martin Vorlaender  |  VMS & WNT programmer1  VMS is today what      | work: mv@pdv-systeme.de E  Microsoft wants        |    http://www.pdv-systeme.de/users/martinv/ 8  Windows NT 8.0 to be!  | home: martin@radiogaga.harz.de   ------------------------------  % Date: Sat, 22 Sep 2001 12:45:34 +0200   From: Paul Sture <paul@sture.ch># Subject: Re: CETS2001 presentations + Message-ID: <VA.00000456.003d6dc6@sture.ch>   E In article <IsOq7.482$YP.17089@news.cpqcorp.net>, Hoff Hoffman wrote: C > Seven of the OpenVMS Engineering CETS2001 presentations -- those  I >   presentations that I have immediate access to -- should be available  0 >   on-line by 22-Sep-2001 (tomorrow; Saturday). > G >   This includes the four presentations that I used, and presentations H >   by Clair Grant and by Gaitan D'antoni.  These presentations will be  >   available (by tomorrow) at:  > 2 >     http://www.openvms.compaq.com/presentations/ > C >   Mark Gorham's CETS2001 presentation is already available at the " >   website, and can be viewed at: > 9 >     http://www.openvms.compaq.com/openvms/strategy.html  > O And I'll just note for those who don't have access to M$ Powerpoint, that Star  ? Office 5.2 (on Linux) copes with these presentations admirably.  ___ 
 Paul Sture Switzerland    ------------------------------  % Date: Sat, 22 Sep 2001 12:34:47 +0200   From: Paul Sture <paul@sture.ch>$ Subject: Re: emacs for the alpha/vms+ Message-ID: <VA.00000455.00338c97@sture.ch>   J In article <3BAB3B78.BFF79D85@NOSPAMcompaq.com>, Charlie McCutcheon wrote: > Douglas Nichols wrote: > P > > Does anyone know where we/I can get a copy of emacs for the alpha machine? II > > am quite fedup with the tpu editor, not that it is bad mind you. Just  > > preference.  > > 
 > > thanks > > dn > 2 > I know GNU Emacs is available for OpenVMS Alpha. > P > Looks like http://www.openvms.compaq.com/freeware/freeware40/emacsv1928/ mightH > get you what you want.  This is the Freeware disk supplied by OpenVMS. > N > I haven't downloaded from here, so I can't give further instructions, sorry. > Q I tried it last week - no binaries on the disk, and I'm having trouble compiling   it, this on Alpha V7.2-1H1  G 1. MMS gives an access violation, almost immediately I start the build. P 2. I installed MMK (also from the Freeware CD) and then got a compilation error ; (inconsistent declaration error for variable strdup, IIRC).   K Sorry I can't be more specific with error messages - I forgot to bring the   details home yesterday.    ___ 
 Paul Sture Switzerland    ------------------------------  % Date: Sat, 22 Sep 2001 09:37:36 +0200 & From: John McLean <mcleanj@dplanet.ch>0 Subject: HP Commitments (was Compaq Commitments)* Message-ID: <3BAC3FC0.41768DBA@dplanet.ch>   "David J. Dachtera" wrote: >  > Rick Nickles wrote:  > > L > > I don't know about anybody else, but I'm getting weary of hearing  aboutG > > Compaq's commitments to this and that - when they continually break  > > these commitments. .... > J > Yeah: IMHO, the subject line of this thread is an oxymoron. "Compaq" and( > "Commitments" are diametric opposites. >  .....   > Does anyone have any idea if HP commitments are any better ???  1 Do they actively market their high-end products ?   0 What can we (as VMS people) expect from them ?       John McLean    ------------------------------  % Date: Sat, 22 Sep 2001 14:06:11 -0400 - From: JF Mezei <jfmezei.spamnot@videotron.ca> 4 Subject: Re: HP Commitments (was Compaq Commitments), Message-ID: <3BACD312.63AAA785@videotron.ca>   John McLean wrote:@ > Does anyone have any idea if HP commitments are any better ??? > 3 > Do they actively market their high-end products ?   J Does MPE have the potential that VMS has ? If MPE is truly a dead end withL nothing particular in terms of features and potential, then it is acceptable) to see HP maintain it but not feature it.   J But until I actually see concrete long lasting changes in the treatment ofL VMS, "obscurity as usual" continues to be the way VMS will be treated as farT as I am concerned. Pointless to speculate and it does more harm to give false hopes.   ------------------------------    Date: 22 Sep 2001 02:12:58 -0700) From: P.Young@unsw.EDU.AU (Patrick Young) M Subject: Re: In times like these ... OpenVMS now more than ever for security! = Message-ID: <55f85d77.0109220112.17797765@posting.google.com>   m bob@instantwhip.com (Bob Ceculski) wrote in message news:<d7791aa1.0109211252.61963b9d@posting.google.com>... ? > i am reading all of these articles as every day goes by about  > increased B > concerns for security ... nimba ... bimba ... all these bugs ...E > and i just sit back and say to myself, what security problems, what 
 > internetF > mail bugs, with vms i don't have these worries!  it nice not to have > these problems, isn't it?   E Yes, it *_sure is_*. Latest between myself and our Comms group (Comms H group made a single digit error in an IP address and had the audacity to5 accuse an OpenVMS box). I hope I was not too harsh...   I -- The following machines belong to your Subnets/ Vlans and may have been $ -- infected with the W32/Nimda worm.B -- <ip addr>            aa:00:04:00:01:04        www.<blah>.edu.auF -- connected at quadu24s1 (<some ip>:WS-C2924-XL) port FastEthernet0/8  K - This site is OpenVMS/Apache (ie: immune to all worms and virii by design) N - and not Window(tm)/IIS(r) trashware. You can verify this by the DECNET styleH - HW address and a simple telnet. Are you sure you have your informationH - correct? I will not deny that there may be files uploaded by staff whoL - publish content to the site that might contain one or more virii - howeverJ - that is not my problem, and not my place to interfere - I could only askO - them to remove such files. I don't believe there are currently any Window(tm) : - executable files on that site or the worm you mention...  " - X dir grp$www:[actuarial...].exe  # - %DIRECT-W-NOFILES, no files found   - - X search grp$www:[actuarial...] "R.P.China" ) - %SEARCH-I-NOMATCHES, no strings matched   K -- within 24 hours of receipt, will have that machine disconnected from the   N - Do this, then myself and the Faculty Executive Officer will [not be amused].   Sigh.    ------------------------------  % Date: Sat, 22 Sep 2001 11:29:53 +0200   From: Paul Sture <paul@sture.ch>M Subject: Re: In times like these ... OpenVMS now more than ever for security! + Message-ID: <VA.00000454.0a7d8bf0@sture.ch>   J In article <9oga81$l7r$1@newsmaster.cc.columbia.edu>, Frank da Cruz wrote:N > In article <01092113585882@lto.locktrack.com>,  <Lorin@LockTrack.com> wrote:= > : Yes, I do agree... at least as far as my server-side apps ; > : are concerned.  Unfortunately, many of us are forced by < > : circumstances or other things to use Windows-crap on our? > : desktops, at home, etc., so we're no more immune to generic ? > : security concerns than anyone else.  For example, one of my @ > : staff got nailed big-time by Nimba this week... cost: 3 daysC > : elapsed to erradicate/restore his desktop and get back to work,  > : actually nearly 6 man-days.  > : H > It's happening everywhere, all the time.  Add it up.  When you finally > can't take it any more see:  > , >   http://www.columbia.edu/kermit/safe.html > 7 Thanks for the link. I'll recommend that folks read it.   L On a related tack, I came across the following article on moving to a Linux N desktop as a replacement for Windows. This guy actually did it, and saved his ; client money too: http://robval.com/linux/desktop/index.asp    >    ___ 
 Paul Sture Switzerland    ------------------------------  % Date: Sat, 22 Sep 2001 11:57:54 -0500 1 From: "David J. Dachtera" <djesys.nospam@fsi.net> M Subject: Re: In times like these ... OpenVMS now more than ever for security! ' Message-ID: <3BACC312.D04468E5@fsi.net>    Paul Sture wrote:  > L > In article <9oga81$l7r$1@newsmaster.cc.columbia.edu>, Frank da Cruz wrote:P > > In article <01092113585882@lto.locktrack.com>,  <Lorin@LockTrack.com> wrote:? > > : Yes, I do agree... at least as far as my server-side apps = > > : are concerned.  Unfortunately, many of us are forced by > > > : circumstances or other things to use Windows-crap on ourA > > : desktops, at home, etc., so we're no more immune to generic A > > : security concerns than anyone else.  For example, one of my B > > : staff got nailed big-time by Nimba this week... cost: 3 daysE > > : elapsed to erradicate/restore his desktop and get back to work, ! > > : actually nearly 6 man-days.  > > : J > > It's happening everywhere, all the time.  Add it up.  When you finally > > can't take it any more see:  > > . > >   http://www.columbia.edu/kermit/safe.html > > 9 > Thanks for the link. I'll recommend that folks read it.  > M > On a related tack, I came across the following article on moving to a Linux O > desktop as a replacement for Windows. This guy actually did it, and saved his = > client money too: http://robval.com/linux/desktop/index.asp   H Great stuff, Paul! Good hunting! Many thanx for this link. Got any more?   --   David J. Dachtera  dba DJE Systems  http://www.djesys.com/  ( Unofficial Affordable OpenVMS Home Page: http://www.djesys.com/vms/soho/    ------------------------------  # Date: Sat, 22 Sep 2001 14:05:51 GMT 4 From: LESLIE@209-16-45-102.insync.net (Jerry Leslie)J Subject: Re: OT: Gartner Recommends Businesses Look At Alternatives To IIS) Message-ID: <3V0r7.1002$Oh1.14257@insync>   ) Bob Ceculski (bob@instantwhip.com) wrote: 7 : leslie@clio.rice.edu (Jerry Leslie) wrote in message  % : news:<9ofaai$d02$3@joe.rice.edu>... 7 : > http://news.cnet.com/news/0-1003-201-7239473-0.html  : >  : >   "Gartner Viewpoint : >    Special to CNET News.com ( : >    September 20, 2001, 12:05 p.m. PT : > ) : >    By John Pescatore, Gartner Analyst  : > K : >    With the emergence of the Nimda worm--the latest in a long series to E : >    attack Microsoft's Internet Information Server (IIS) and other C : >    software--Gartner believes it's time for businesses with Web E : >    applications to start investigating less vulnerable Web server  : >    products. : >    . [ snip ]J : thats why vms webservers are the servers of choice, apache is available F : but a better server right now is purveyor ... apache has a bug when M : running under multinet or tcpware and i guarantee the crispest combination  H : is purveyor running under tcpware ... dec used purveyor and altavista F : the purveyor proxy server on their old sites ... it is bullet proof!  ( Thanks for getting this thread on-topic.  H Perhaps the PHBs/MGMs will listen to Gartner on this topic, and start toJ think about non-Microsoft solutions, although there's faint hope that theyH would consider a VMS solution, given the history of neglect VMS has had, and the FUD about its future.   H But one could hope that just a few PHBs/MGMs will realize that MicrosoftK systems have an unacceptable ever-increasing TCO (Total Cost of Ownership):   4    http://news.cnet.com/news/0-1003-200-7238508.html.    Microsoft customers balk at license changes  E One can only hope that a multisite VMSCluster as a web server will bea MARKETED someday.n  % --Jerry Leslie   leslie@clio.rice.eduu/                  leslie@209-16-45-97.insync.nets;                  leslie@209-16-45-102.insync.net is invalid 2                  (my opinions are strictly my own)   ------------------------------  % Date: Sat, 22 Sep 2001 11:19:29 -0500o1 From: "David J. Dachtera" <djesys.nospam@fsi.net>hJ Subject: Re: OT: Gartner Recommends Businesses Look At Alternatives To IIS' Message-ID: <3BACBA11.DD25CCD3@fsi.net>!   Jerry Leslie wrote:m > + > Bob Ceculski (bob@instantwhip.com) wrote: 8 > : leslie@clio.rice.edu (Jerry Leslie) wrote in message' > : news:<9ofaai$d02$3@joe.rice.edu>...e9 > : > http://news.cnet.com/news/0-1003-201-7239473-0.htmln > : >e > : >   "Gartner Viewpoint! > : >    Special to CNET News.come* > : >    September 20, 2001, 12:05 p.m. PT > : >?+ > : >    By John Pescatore, Gartner Analysth > : >.M > : >    With the emergence of the Nimda worm--the latest in a long series toeG > : >    attack Microsoft's Internet Information Server (IIS) and othertE > : >    software--Gartner believes it's time for businesses with Web-G > : >    applications to start investigating less vulnerable Web server  > : >    products.
 > : >    .
 > [ snip ]K > : thats why vms webservers are the servers of choice, apache is available9G > : but a better server right now is purveyor ... apache has a bug whenrN > : running under multinet or tcpware and i guarantee the crispest combinationI > : is purveyor running under tcpware ... dec used purveyor and altavistanH > : the purveyor proxy server on their old sites ... it is bullet proof! > * > Thanks for getting this thread on-topic. > J > Perhaps the PHBs/MGMs will listen to Gartner on this topic, and start toL > think about non-Microsoft solutions, although there's faint hope that theyJ > would consider a VMS solution, given the history of neglect VMS has had, > and the FUD about its future.  > J > But one could hope that just a few PHBs/MGMs will realize that MicrosoftM > systems have an unacceptable ever-increasing TCO (Total Cost of Ownership):l > 6 >    http://news.cnet.com/news/0-1003-200-7238508.html0 >    Microsoft customers balk at license changes > G > One can only hope that a multisite VMSCluster as a web server will bee > MARKETED someday.p   Pure personal opinion:  E Since Q/HP have a history of not doing so, I believe it will be up tosA third-party folks (VARs, OEMs, etc.) to assemble and promote suchW "packages".]  H The thinking being: Q/HP is responsive only to it's biggest clients, andG the rest of us be damned. A big enough concern should be able to garnera@ sufficient "pull" with the Q(HP?) that they'll let us do our ownE "innovating" and marketing, but at the same time stay out of our way.(  G Maybe an OMA (OpenVMS Marketing Alliance), ... OMA, Inc. ... Something?t  H Sorry - the optimist in me is breaking through, now that I'm starting to get over 11-Sep.   -- d David J. Dachterae dba DJE Systems, http://www.djesys.com/  ( Unofficial Affordable OpenVMS Home Page: http://www.djesys.com/vms/soho/e   ------------------------------    Date: 22 Sep 2001 18:26:41 +0800, From: Paul Repacholi <prep@prep.synonet.com>( Subject: Re: OT:: Re: World Trade Center- Message-ID: <87u1xvldwe.fsf@prep.synonet.com>o  - "John Saunders" <jws@ma.ultranet.com> writes:9  K > You are referring to "Behind the Veil", a special report by Saira Shah offI > Independant Television News in London. Yesterday's showing was a repeat,1 > airing - it originally aired several weeks ago.e > H > Given that Ms. Shah works for ITN, I doubt the piece was made for CNN.  ! Wasn't it a Channel 4 production?e   --  < Paul Repacholi                               1 Crescent Rd.,7 +61 (08) 9257-1001                           Kalamunda.e@                                              West Australia 6076. Raw, Cooked or Well-done, it's all half baked.F EPIC, The Architecture of the future, always has been, always will be.   ------------------------------  % Date: Sat, 22 Sep 2001 08:23:32 -0400r+ From: "John Saunders" <jws@ma.ultranet.com> ( Subject: Re: OT:: Re: World Trade Center+ Message-ID: <9ohvsn$s5a$1@bob.news.rcn.net>r  9 "Paul Repacholi" <prep@prep.synonet.com> wrote in message ' news:87u1xvldwe.fsf@prep.synonet.com...S/ > "John Saunders" <jws@ma.ultranet.com> writes:- >-J > > You are referring to "Behind the Veil", a special report by Saira Shah ofK > > Independant Television News in London. Yesterday's showing was a repeats3 > > airing - it originally aired several weeks ago.e > > J > > Given that Ms. Shah works for ITN, I doubt the piece was made for CNN. >a# > Wasn't it a Channel 4 production?p  G Not as far as I know (considering I don't know which "Channel 4" you're0 referring to). --
 John Saunders  jws@ma.ultranet.com    ------------------------------  % Date: Sat, 22 Sep 2001 11:11:56 -0500N1 From: "David J. Dachtera" <djesys.nospam@fsi.net> ( Subject: Re: OT:: Re: World Trade Center' Message-ID: <3BACB84C.7D8F198B@fsi.net>d   John Saunders wrote: > ; > "Paul Repacholi" <prep@prep.synonet.com> wrote in messaget) > news:87u1xvldwe.fsf@prep.synonet.com...V1 > > "John Saunders" <jws@ma.ultranet.com> writes:h > > L > > > You are referring to "Behind the Veil", a special report by Saira Shah > ofM > > > Independant Television News in London. Yesterday's showing was a repeat-5 > > > airing - it originally aired several weeks ago.1 > > > L > > > Given that Ms. Shah works for ITN, I doubt the piece was made for CNN. > >s% > > Wasn't it a Channel 4 production?  > I > Not as far as I know (considering I don't know which "Channel 4" you'ree > referring to).  < Is not "Channel 4" the UK equivalent of the US's PBS (Public Broadcasting System)?    -- t David J. Dachteral dba DJE Systemsn http://www.djesys.com/  ( Unofficial Affordable OpenVMS Home Page: http://www.djesys.com/vms/soho/    ------------------------------  # Date: Sat, 22 Sep 2001 07:56:15 GMTa" From: Art Rice <arice@myhouse.org>% Subject: Re: Really Unhackable...????v9 Message-ID: <yuXq7.1463$T%.693905@paloalto-snr1.gtei.net>1   Jack Patteeuw wrote:   > krish wrote: >>   >> Hi, >> cB >> I came across the following article today, and i was surprised.E >> Many of my friends tell me that VMS is unhackable because not many  >> use/know,G >> about VMS ,and hence hackers are not interested in hacking it. Theseb? >> friends work on  windows, and they justify windows's hacking-I >> vulnerability to its wide usage.Is this really true....are hackers noteI >> interested in hacking VMS because its not widely used/known or is it a9! >> really tough job to hack VMS ?8 > K > I will never say that any computing system is 100% absolutely unhackable,  > but VMS isF > probably one of the best on the market.  Why ?  Because security was > designed in fromF > the beginning.  Maybe this is my so many stock exchanges, lotteries, > banks, etc. use J > VMS.  You don't find it on to many desk tops but it is in the back room. > K > The most common VMS hack is a "wet hack" (convincing a human to give up ao
 > password or.F > using a simple password for important accounts).  Read the book "The > Kukoo's (sp?)o' > Egg" about the "early days"  hacking.. >  > Jack Patteeuw  > J Ahhhh, The old 'default' passwords?  What surprises me is how many people + reset the passwords 'back' to the defaults.a   -- l Art Rice Tandem Admin Special Data Processing Corp ----------------------------* All opinions are my own and do not reflect* the views of the above mentioned employer.   ------------------------------  # Date: Sat, 22 Sep 2001 08:37:59 GMT . From: Israel Raj T <israelrt@optushome.com.au>% Subject: Re: Really Unhackable...????-8 Message-ID: <f3joqtsr3msburnobbkodl12v26674hv5v@4ax.com>  C >>> I came across the following article today, and i was surprised.wF >>> Many of my friends tell me that VMS is unhackable because not manyQ >>> use/know about VMS ,and hence hackers are not interested in hacking it. Thesea@ >>> friends work on  windows, and they justify windows's hackingJ >>> vulnerability to its wide usage.Is this really true....are hackers notJ >>> interested in hacking VMS because its not widely used/known or is it a" >>> really tough job to hack VMS ?    # From a brief search on astalavista:o  ,  http://neworder.box.sk/box.php3?gfx=newo...B  COMPUTER SECURITY - VMS - How do I access the password file underF VMS? How do I crack VMS passwords? What can be logged on a VMS system?F What privileges are available on a VMS system? How do I break out of a! restrictive account? (3770 hits) i    ! : http://www.cert.org/advisories/t3  CA-1993-05: OpenVMS and OpenVMS AXP Vulnerability AB  OpenVMS and OpenVMS AXP. This vulnerability is present in OpenVMS@  V5.0 through V5.5-2 and OpenVMS AXP V1.0 but has been corrected=  in OpenVMS V6.0 and OpenVMS AXP V1.5. This advisory providesh/  CA-1992-18: Revised VMS Monitor Vulnerability h . ,  http://packetstormsecurity.org/0006-expl...A  chkperm.c 908 Jun 9 14:11:36 2000 Solaris /usr/vmsys/bin/chkperm D overflow - A long HOME environment variable can be used to provide a UID=bin shell. By Guile cool l  ,  http://packetstormsecurity.org/9911-expl...0  solaris.chkperm+arp... 2475 Dec 1 16:11:07 1999F /usr/vmsys/bin/chkperm and /usr/sbin/arp can be used to read bin-ownedF files. Tested on Solaris 2.6 and 2.7, sparc edition. By Brock Tellier    ------------------------------    Date: 22 Sep 2001 04:04:07 -0500- From: Kilgallen@SpamCop.net (Larry Kilgallen)9% Subject: Re: Really Unhackable...???? 3 Message-ID: <ezBsV2qZ9E3i@eisner.encompasserve.org>e  ^ In article <yuXq7.1463$T%.693905@paloalto-snr1.gtei.net>, Art Rice <arice@myhouse.org> writes: > Jack Patteeuw wrote:  L >> The most common VMS hack is a "wet hack" (convincing a human to give up a >> password orG >> using a simple password for important accounts).  Read the book "The  >> Kukoo's (sp?)( >> Egg" about the "early days"  hacking. >> a >> Jack Patteeuw >> sL > Ahhhh, The old 'default' passwords?  What surprises me is how many people - > reset the passwords 'back' to the defaults.a  6 No, not default passwords -- he said simple passwords.  < VMS has not had any default passwords for the past 15 years.  A Of course anyone who sets a password back to what it was 15 yearsN ago is looking for trouble.    ------------------------------  % Date: Sat, 22 Sep 2001 12:09:34 +0200 * From: Mike Rechtman <rechtman@tzora.co.il>% Subject: Re: Really Unhackable...????i* Message-ID: <3BAC635E.1050307@tzora.co.il>  ( Remarks interspersed with quotes, below:   Israel Raj T wrote:N  C >>>>I came across the following article today, and i was surprised.iF >>>>Many of my friends tell me that VMS is unhackable because not manyQ >>>>use/know about VMS ,and hence hackers are not interested in hacking it. Theseh@ >>>>friends work on  windows, and they justify windows's hackingJ >>>>vulnerability to its wide usage.Is this really true....are hackers notJ >>>>interested in hacking VMS because its not widely used/known or is it a" >>>>really tough job to hack VMS ? >>>> >  > % > From a brief search on astalavista:  > . >  http://neworder.box.sk/box.php3?gfx=newo...D >  COMPUTER SECURITY - VMS - How do I access the password file underH > VMS? How do I crack VMS passwords? What can be logged on a VMS system?H > What privileges are available on a VMS system? How do I break out of a" > restrictive account? (3770 hits)    9 I cannot reach the address referred to (neworder.box.sk) > but, from my recollectione; of these or similar topics in some Crackers' FAQ, they all - require at the very8= least login access (i.e. a valid username/password) and also i either an _extremely_r8 unsecured system, or access to a privileged account. Of 9 course you _can_ crack OpenVMS passwords - You will need  5 read access to SYSUAF.DAT, and practically unlimited o: resources - Just check all passwords from  "0        " to 5 "ZZZZZZZZ" - assuming passwords are limited to eight t characters. Not impossible...m    t >  > # > : http://www.cert.org/advisories/ 5 >  CA-1993-05: OpenVMS and OpenVMS AXP Vulnerability gD >  OpenVMS and OpenVMS AXP. This vulnerability is present in OpenVMSB >  V5.0 through V5.5-2 and OpenVMS AXP V1.0 but has been corrected? >  in OpenVMS V6.0 and OpenVMS AXP V1.5. This advisory providesu1 >  CA-1992-18: Revised VMS Monitor Vulnerability   > ..    < If this is the latest you can find... The advisory is eight < year old, and refers to versions of VMS no longer supported < - except V5.5-2, which is still in use, and for which there  is a mandatory patch.f    . >  http://packetstormsecurity.org/0006-expl...C >  chkperm.c 908 Jun 9 14:11:36 2000 Solaris /usr/vmsys/bin/chkperm F > overflow - A long HOME environment variable can be used to provide a > UID=bin shell. By Guile cool 0 > . >  http://packetstormsecurity.org/9911-expl...2 >  solaris.chkperm+arp... 2475 Dec 1 16:11:07 1999H > /usr/vmsys/bin/chkperm and /usr/sbin/arp can be used to read bin-ownedH > files. Tested on Solaris 2.6 and 2.7, sparc edition. By Brock Tellier  >   8 These last two exploits do not refer to VMS, and so are  entirely irrelevant.  < By the Bye - Looking at the logfiles on an Apache WebServer : running on VMS: hundreds, possibly thousands, of CODE RED = and NIMDA attack attempts not succeeding - "like water off a i
 duck's back."o   ~Miken --  E --------------------------------------------------------------------- ; Usual disclaimer: All opinions are mine alone, perhaps not  
 even that.? Mike Rechtman                            *rechtman@tzora.co.il*l/ Kibbutz Tzor'a.                          Voice a (home):(972)-2-99083377    "20% of a job takes 80% of the time, the rest takes y another 80%"E --------------------------------------------------------------------- * ------ GEEK CODE BLOCK (Version: 3.1)-----( GCM/CS d(-)pu s:+>:- a++ C++ U-- L-- W++' N++ K? w--- V+++$ PS+ PE-- t X- tv-- b+n DI+ D-- G e++ h--- r+++ y+++@t* ---------- END GEEK CODE BLOCK  ----------   ------------------------------  # Date: Sat, 22 Sep 2001 14:43:15 GMTe" From: Art Rice <arice@myhouse.org>% Subject: Re: Really Unhackable...????r8 Message-ID: <7s1r7.72$nz6.116317@paloalto-snr2.gtei.net>   Larry Kilgallen wrote:  D > In article <yuXq7.1463$T%.693905@paloalto-snr1.gtei.net>, Art Rice > <arice@myhouse.org> writes:t >> Jack Patteeuw wrote:o > K >>> The most common VMS hack is a "wet hack" (convincing a human to give upr >>> a password or5H >>> using a simple password for important accounts).  Read the book "The >>> Kukoo's (sp?)a) >>> Egg" about the "early days"  hacking.4 >>>  >>> Jack Patteeuws >>> L >> Ahhhh, The old 'default' passwords?  What surprises me is how many people. >> reset the passwords 'back' to the defaults. > 8 > No, not default passwords -- he said simple passwords. > > > VMS has not had any default passwords for the past 15 years. > C > Of course anyone who sets a password back to what it was 15 yearse > ago is looking for trouble.h > L Well, back when that book was written there were quite a few VAX that still J had the default SYSTEM, FIELD, and USER  passwords set.  And the title is & "The Cuckoo's Egg" first printed 1989.   --   Art Rice Tandem Admin Special Data Processing Corp ----------------------------* All opinions are my own and do not reflect* the views of the above mentioned employer.   ------------------------------  % Date: Sat, 22 Sep 2001 13:01:25 -0400b' From: Howard S Shubs <howard@shubs.net>w% Subject: Re: Really Unhackable...????a< Message-ID: <howard-2A0BE9.13012522092001@enews.newsguy.com>  * In article <3BAC635E.1050307@tzora.co.il>,,  Mike Rechtman <rechtman@tzora.co.il> wrote:  1 >  Just check all passwords from  "0        " to  7 > "ZZZZZZZZ" - assuming passwords are limited to eight t
 > characters.b   Which, of course, they're not. -- h Howard S ShubsD "Run in circles, scream and shout!"  "I hope you have good backups!"   ------------------------------  # Date: Sat, 22 Sep 2001 10:52:16 GMT 2 From: "H1Dunc" <duncwremovethis@nospamhotmail.com>M Subject: Re: The most hated country in the world ( was Re: Bomb The Mosques ) C Message-ID: <A3_q7.2320$98.10509@news1.rivrw1.nsw.optushome.com.au>o  J if you weren't such a superior bastard people might actually start to like you.  E (I'm stuffed if I'll use a spell checker to impress the likes of you)c; "Israel Raj T" <israelrt@optushome.com.au> wrote in message 2 news:8j9gqtcimf23km97710ulbi72vvmo42fde@4ax.com...G > On Wed, 19 Sep 2001 02:34:17 GMT, baba_booey@hotmail.com (Baba Booey)- > wrote: >-G > >Oh my god are you in the US?  If so remember that this country givesdI > >you one thing your Arab countries don't, the right to talk the way you  > >do about them.I >  > No, I am Australia.D6 > Havent you learned how to read message headers yet ?   ------------------------------    Date: 22 Sep 2001 18:10:31 +0800, From: Paul Repacholi <prep@prep.synonet.com># Subject: Re: VAX disaster tolerance.- Message-ID: <873d5fmt7s.fsf@prep.synonet.com>e  / JF Mezei <jfmezei.spamnot@videotron.ca> writes:N  F > After the WTC disaster, someone posted a note asking for anyone withD > a certain vax model number to eventually rebuild their cluster now< > that they had lost the node(s) in the destroyed buildings.  a? > I am curious as to what policies corporations would have with @ > regards to end-of-lifed hardware in disaster tolerant /mission > critical systems.i   ? > While a vax cluster may be built as mission critical disasteru> > tolerant system and last a very long time, what happens when/ > replacement hardware is no longer available ?u  B Well, untill a while back, we assumed we had a vendor with a CLUE,D and that if you had a 24x7 maint contract it was good for something,' including a total replacment it needed.w     -- e< Paul Repacholi                               1 Crescent Rd.,7 +61 (08) 9257-1001                           Kalamunda.f@                                              West Australia 6076. Raw, Cooked or Well-done, it's all half baked.F EPIC, The Architecture of the future, always has been, always will be.   ------------------------------  % Date: Sat, 22 Sep 2001 13:35:37 -0400 0 From: "Island Computers" <dbturner@islandco.com># Subject: Re: VAX disaster toleranceG/ Message-ID: <tqpigq36b3cn57@news.supernews.com>   K Strangely enough - We have had 3 calls from Compaq already (different partseG of the organisation) looking for 7800 parts and systems - as have othert- vendors with whom we deal on a regular basis.aH Seems Compaq (unlike the Digital we all knew and loved) have carried the% JUST IN TIME concept to WAY TOO LATE.   J The fact that people had these big beasts under maintenance suggests to meK that Compaq ought to have had a few "Hot-Spares" ready to be either truckedi% or flown in within a few hours noticeg   Not so it seems....e DT   -- David Turner   We sell Alpha systems & partso http://www.islandco.coml sales@islandco.com Island Computers US Corp.n 2700 Gregory Streetr Savannah GA 31404s Tel: 912 447 6622f Fax: 912 201 0096  ICQ#: 130698221a7 Paul Repacholi <prep@prep.synonet.com> wrote in message ' news:873d5fmt7s.fsf@prep.synonet.com... 1 > JF Mezei <jfmezei.spamnot@videotron.ca> writes:  >iH > > After the WTC disaster, someone posted a note asking for anyone withF > > a certain vax model number to eventually rebuild their cluster now> > > that they had lost the node(s) in the destroyed buildings. >aA > > I am curious as to what policies corporations would have withrB > > regards to end-of-lifed hardware in disaster tolerant /mission > > critical systems.n >cA > > While a vax cluster may be built as mission critical disaster @ > > tolerant system and last a very long time, what happens when1 > > replacement hardware is no longer available ?r >nD > Well, untill a while back, we assumed we had a vendor with a CLUE,F > and that if you had a 24x7 maint contract it was good for something,) > including a total replacment it needed.  >  >  > --> > Paul Repacholi                               1 Crescent Rd.,9 > +61 (08) 9257-1001                           Kalamunda.sB >                                              West Australia 60760 > Raw, Cooked or Well-done, it's all half baked.H > EPIC, The Architecture of the future, always has been, always will be.   ------------------------------  % Date: Sat, 22 Sep 2001 04:01:18 -0400:' From: "Bill Todd" <billtodd@foo.mv.com>- Subject: Re: World Trade Centert( Message-ID: <9ohgdh$9o1$1@pyrite.mv.net>  5 "David Froble" <davef@tsoft-inc.com> wrote in messagec& news:3BAC23ED.1050506@tsoft-inc.com...   ...   @ > Just some reality.  Events like Tuesday are 100% unacceptable, > regardless of the reason.   F You may have come to this party a bit late:  that point has never been) questioned in any manner, by anyone here.e   >oH > While things are never even, or fair, those poor powerless people have6 > the same chance as the rest of the world to prosper.  G The economic and social seas in which we all swim vary greatly from oneeJ place to another - and if you happen to be born in a nutrient-poor part ofI those seas, it's far harder to 'prosper' than if you happen to be born inhA the U.S. or many other developed countries with at least somewhate enlightened governments.     That they don't is7 > not the fault of the USA.  Not in any meaningful way.y  L Sometimes not, sometimes so.  If our government supports a repressive regimeC in their country, incontrovertibly so.  If our businesses support aeJ repressive regime in their country, certainly so at least 'in a meaningfulC way'.  If our government or businesses significantly and negatively L interfere in the internal workings of their country, even under an otherwiseF decent regime, we're also at some fault.  And if our government and/orK businesses support some other country that affects their country negatively ) in such ways, we're not blameless either.e  H Turning your back on responsibility doesn't make it go away - but it canJ easily make those you're injuring feel even angrier while at the same timeC feeling less able to do anything about it by non-violent means.  It/H certainly appears to be what drives at least *some* individuals over the5 edge into terrorism, and others into supporting them.s     Remember, all:F > those who think talking is better, (which it is), that you have thatJ > capability because of the blood and lives of countless people throughoutE > the history (sometimes good, sometimes not so good) of our country.>? > Nobody handed us any freedoms, our ancestors fought for them.n  H Some people are in a far better position to fight for their freedom thanI others.  During the American Revolution, we had a large, relatively free,kF and moderately affluent population, with access to inexhaustible localK resources and a fair amount of existing armaments, spread across one of thesF larger colonies in the world, available to fight an enemy which had toG travel 3,000 miles across an ocean just to engage us.  By contrast, thebL Iraqi people, to pick a current example, are faced with an indigenous tyrantF backed by a local army that's one of the larger standing armies in theK world, ready and willing to use mass weapons such as poison gas against itstF own population, and lack both weapons to fight with and the ability to  organize without being detected.  K Sitting back and proclaiming that such people have only themselves to blamebG for not changing their predicament really isn't appropriate, especially J given that  a) we provided a great deal of the backing for Iraq's militaryL establishment not all that long ago and  b) we failed to eliminate it during/ the Gulf war when we had a good opportunity to.p   >-F > At this time I think talking is out of the question.  September 11thE > cost the USA more than double of it's citizens than Pearl Harbor in-F > 1941.  From that perspectives, the response should be double of whatH > followed Pearl Harbor.  So, what is that, 4 nukes?  Just joking.  WhatG > I'm hoping to see is a prolonged effort to eradicate the environment,wI > anywhere on the planet, where terrorism, injustice, and intolerance cana > exist.  E Again, most of the debate appears to be about means rather than ends: L eliminating terrorism may be impossible (since we already know that a coupleC of whackos like McVeigh and Nichols are all it takes to carry out a I significant terrorist act), but minimizing it is certainly a common goal.o  I Thinking that you can wipe it out by entirely by force is the issue here.aF Some force may be required in the case of existing terrorists provablyL responsible for a significant criminal act, but the only way for force to doC the job *entirely* (without doing anything about the root causes of H terrorism) is to use it to wipe out future terrorists before they becomeJ terrorists.  And, of course, doing that job only half-way just causes manyI more of the relatives, friends, and neighbors of those currently innocentPK individuals whom you wipe out to become terrorists themselves - fueling theA- 'environment' that it was meant to eradicate.0  J Some people seem to think that kind of genocide is justifiable.  Others ofH us believe it's not only as morally unacceptable as the terrorism itselfE (and more so on a personal level, given our responsiblity for our ownwJ country's actions) but also far less efficient and effective than the manyJ things we can do to eliminate the conditions that cause many to become, or' support, terrorists in the first place.u   >sG > Might be an impossible job, seeing as the single worst thing that hassJ > happened to the world is religion, and here it is acting once again as a: > mask for the dark side the harm people do to each other.  G Doing it by force might indeed be impossible, since the amount of force.D required could cause even our closest friends to become sufficientlyD appalled to stop us.  The news tonight reported Gallup polling in 31J countries:  people in most of them believed the WTC/Pentagon attack shouldC be treated as a criminal matter, with the U.S. and Israel being thei- conspicuous advocates of a military response.R  L But doing it by a combination of the minimum force necessary to bring provenJ existing criminals to justice (or justice to them) plus efforts to addressC underlying issues - by changing them where we're wrong, working outeI compromise in grey areas, and maintaining a dialogue that establishes ouraI respect for those we cannot reach agreement with while ensuring that theywC understand our reasons - might succeed where force alone could not.t   - bill   ------------------------------  % Date: Sat, 22 Sep 2001 10:35:24 +0200   From: Paul Sture <paul@sture.ch> Subject: Re: World Trade Centera+ Message-ID: <VA.00000453.0a4ba6b0@sture.ch>@  M In article <rdeininger-2109011015110001@user-2ivec36.dialup.mindspring.com>,   Robert Deininger wrote:oJ > In article <y48zf8d6im.fsf@mailhost.neuroinformatik.ruhr-uni-bochum.de>,J > Jan Vorbrueggen <jan@mailhost.neuroinformatik.ruhr-uni-bochum.de> wrote: > J > > On the other hand, I have yet to see another country where the fear ofJ > > criminal violence (armed assault, mugging, etc.) is so pervasive as inK > > the USA. I found this much more unsettling and disturbing than any fear $ > > of terrorist acts could inspire. > - > Jan, where are you getting this impression?m >bM Speaking as someone from the UK, this impression has been with me ever since .G childhood. Indeed one of my sister's school teachers was subject to an  D attempted mugging within 5 minutes of arriving in New York, and the M policeman who saw the mugger off recommended that he carry a gun. Many years e  ago, but that story kinda stuck.  I > Having lived here, backwoods and big cities, all my life, I have to saycL > that "fear of criminal violence" is NOT particularly pervasive amoung mostK > people.  Also, statistics clearly show that such crimes have been gettingoH > less common for years.  There are bad neighborboods here, as I supposeF > there are in every country, where crime is much higher than average. > M Which coincides nicely with a documentary a colleague saw earlier this year, pH which presented the "other side of the US", portraying it as a peaceful  place, quite safe to live in.m  K The tidbit which stuck with me with force was a bit about leaving ignition :K keys in unattended cars - yes I know I've seen it on films, but if you did lL that in the UK, you'd stand a very high chance of losing the car. In fact I H know places where that would be greater than 99%, even without the keys!  L > As an example, violent crimes in NYC have gone down in the last 8-10 yearsH > by factors of 2, 5, or even more, depending on the category.  The ideaD > that there are guns and shooting all over the place is just wrong. > = Yes, we've heard about that. It sounds a massive improvement.   I > What IS pervasive in most areas is the media's habit of emphasizing bad3I > news, and particularly violent crime.  Their FAVORITE topic is anythingtL > bad that involves guns.  An armed robbery where a shopkeeper is injured orL > killed is always headline news, usually with emphasis on the evil gun.  AnJ > incident where an armed shopkeeper shoots the robber, or just scares himF > away using a gun (which happens FAR more often according to reliableK > statistics), is barely mentioned.  A crime avoided, or mitigated, is justrK > not newsworthy to these folks, unless it has a particularly vivid aspect.  > E > So, my message is, you should not always believe the picture of our 4 > culture that's painted by the major media outlets. >i( Surely a problem which needs addressing? ___-
 Paul Sture Switzerland-   ------------------------------  % Date: Sat, 22 Sep 2001 10:14:55 -0400n2 From: rdeininger@mindspring.com (Robert Deininger) Subject: Re: World Trade CenteraL Message-ID: <rdeininger-2209011014550001@user-2ive7ir.dialup.mindspring.com>  @ In article <VA.00000453.0a4ba6b0@sture.ch>, paul@sture.ch wrote:    O > Speaking as someone from the UK, this impression has been with me ever since -I > childhood. Indeed one of my sister's school teachers was subject to an -F > attempted mugging within 5 minutes of arriving in New York, and the O > policeman who saw the mugger off recommended that he carry a gun. Many years -" > ago, but that story kinda stuck.   My only visit to Europe...  F I was in Amsterdam for a week for a job interview.  I arrived after anD overnight flight, jet-lagged.  I took the train to the city, and wasJ waiting for the tram. I noticed 2 or 3 guys crowding around me, and fearedG they were pickpockets or worse.  I kept a tight grip on my bags.  Alas,MG they had knives.  Going up the steps into the tram, the guy ahead of me5I stopped, and the guy behind cut the straps holding two bags together, and I took one.  (The only one I didn't have a white-knukle grip on.)  I didn'taD even know it had happened, until the police stopped the tram a shortB distance away and took me off.  (Just AFTER I paid my fare, grrr!)  J There had actually been a gang of FIVE theives watching me.  All were wellF known to the railway police, who had been watching, knowing that I wasF going to be robbed.  They managed to grab 2 of them, including the oneH that ended up with my bag.  I had to go with the police to fill out someH papers.  After an hour, they decided that they didn't have jurisdiction,H since the theft took place outside of the station.  They put me in a carC driven by a man with a death-wish, who zoomed us through the narrow-F streets to some city police station.  After another hour and a half ofE forms, they gave me back my bag and let me leave.  I asked what would H happen to the theives.  "They've already been released" was the answer. F The officer expected they would eventually be fined, but not very much1 since street theives are poor, at least on paper.<  E My hosts told me this kind of theft is common in the city.  They alsotH explained why everyone has an old, beat up bicycle.  They know they willI be stolen every few months, so they don't want to spend much money.  TheyeG all used good locks, and all had had more than one bike stolen.  People I also experienced a lot of car thefts (at least compared to what we expect  in the U.S.)  O All in all, a very unpleasant week.  I turned down the job when it was offered.T  M > The tidbit which stuck with me with force was a bit about leaving ignition _M > keys in unattended cars - yes I know I've seen it on films, but if you did uN > that in the UK, you'd stand a very high chance of losing the car. In fact I J > know places where that would be greater than 99%, even without the keys!  J I wouldn't leave keys in a car in most places in the U.S.  There are stillH places where it is done, and where houses are never locked, but they are getting harder to find.    -- y Robert Deininger rdeininger@mindspring.comt   ------------------------------   End of INFO-VAX 2001.528 ************************